Solved: How Anyconnect checks symantec definition date

kareali@cisco.com · ‎06-16-2016

Hello,

we are running ISE 1.4 with anyconnect version 4 . one of the requirements is to check symantec definition if it's up to date or not

the condition in ISE is predefined all i can do is to choose AV type and version so the question is how anyconnect checks for the AV definition date ? file path or registry path ?

we are using Symantec Endpoint protection SEP 12.1

Jason Kunst · ‎06-16-2016

Depends on the vendor. Any connect reaches out to middleware (compliance module) that has all the vendor information. I don't have direct access to that but I searched on internet and found this;

https://support.symantec.com/en_US/article.TECH95856.html

View solution in original post

Jason Kunst · ‎06-16-2016

Depends on the vendor. Any connect reaches out to middleware (compliance module) that has all the vendor information. I don't have direct access to that but I searched on internet and found this;

https://support.symantec.com/en_US/article.TECH95856.html

jim.thomas · ‎06-16-2016

Cisco and other vendors use another organization OPSWAT who provide certification of 3rd party software like this for AV, AS, Host IPS , Host Firewall, etc. OPSWAT goes through the determination of make and version of AV. Then, OPSWAT provides the data to Cisco which Cisco periodically publishes and then you download to your clients. They key here is that there are multiple parties involved ...

!) AV vendor releases software

2) OPSWAT has a timeframe that they test and certify but do not release the data ad-hoc. Its periodic and cyclic.

3) Cisco gets the data and packages/releases to public

4) Customer updates their clients

FYI, OPSWAT also has a verification tool that you can leverage to determine if AV/AS software is detected based on their modules.